{ lib, pkgs, ... }: { nixpkgs.overlays = import ../overlays; nix.package = lib.mkDefault pkgs.lix; services.openssh.enable = lib.mkForce true; networking.firewall.enable = true; networking.firewall.logRefusedConnections = false; networking.firewall.logReversePathDrops = true; services.nginx = { recommendedOptimisation = lib.mkDefault true; recommendedTlsSettings = lib.mkDefault true; recommendedProxySettings = lib.mkDefault true; recommendedGzipSettings = lib.mkDefault true; }; nix.gc = { automatic = true; persistent = true; dates = "daily"; options = "--delete-older-than 30d"; }; services.journald.extraConfig = "SystemMaxUse=512M"; boot.kernelParams = [ "panic=30" "boot.panic_on_fail" ]; }